Liquibase Security

Keeping your data secure

Liquibase maintains administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, disclosure, alteration, loss, and misuse.

No online transmission is ever guaranteed to be fully secure or error-free, including email. Liquibase recommends not sending or disclosing any sensitive personal information to us directly or through our products.

Example: protected health information, passwords, and authentication/authorization credentials for other services.

For more detailed information on how Liquibase collects and uses your personal information, read the Privacy Policy. If you have any questions about this Privacy Policy or use of your personal information, you can contact us.

Enhancing your database security

Liquibase lets you validate all database changes and use automation to control database access:

  • If you store credentials for your application CD solution in a central, secure location such as HashiCorp Vault, automation can gather credentials from the tool and pass them to Liquibase without direct human access. Using this best practice with Liquibase decreases the surface area for database attacks.
  • If you have a large number of users who make manual schema changes to the database, Liquibase eliminates the need for them to have direct database access.

Storing your credentials

Liquibase recommends storing user credentials in a secure credential repository, entering them in the CLI at runtime, or using Liquibase Environment Variables.

Using Liquibase and source control

Source control systems help you manage and track the history of your resources, including changelogs and changesets. With source control, you can view when a file was changed, compare the changes that were made, and see who made them. Liquibase works with any source control system.

Liquibase versions your database changes, so storing these changes in a source control management system is a best practice. Liquibase recommends that you follow these best practices:

  • Keep changelogs in the same repository as application code to ensure everything is kept in sync.
  • Keep changesets in separate files to save time on searches and updates and to avoid potential merge conflicts.
  • Keep changelogs organized to identify your files by releases, database object types, or other information you prefer.
  • Use branch and file naming standards to maintain logical patterns so you can see the exact changes in your branches and files.

Keeping your Liquibase Hub data secure

Here is what Liquibase does to keep Liquibase Hub data secure:

  • Data encrypted in transit via secure HTTPS calls
  • Data encrypted at rest once stored in our database
  • Data secured via PostgreSQL Row Level Security

Collecting your Liquibase Hub data

Liquibase only sends information to Liquibase Hub when you provide all of the following:

  • A valid Liquibase Hub API key.
  • A registered changelog file, except for the drop-all command which does not require a changelog file.
  • The liquibase.hub.mode property set to all or meta. If you set the property to off, no data will be sent to Liquibase Hub.
  • A system that allows HTTPS connections.

Without all these conditions, no information will be sent to Liquibase Hub.

The information that Liquibase sends to Liquibase Hub is determined by the liquibase.hub.mode property setting. Liquibase recommends using the LIQUIBASE_HUB_MODE environment variable to control which environments can send which kind of data. Liquibase Hub collects data based on the setting in the Liquibase properties file or the Maven POM file:

  • off sends no data to Liquibase Hub, even if you have a valid Liquibase Hub API Key in your defaults file.
  • meta sends what Liquibase considers the metadata, such as changelog name, changeset name, comments, username, timestamps, Liquibase version, Liquibase integration, and similar meta settings. Use the meta setting for connections where sensitive information might be transmitted using Liquibase, typically DML scripts with personally identifiable information. Applying the meta setting prevents sensitive information from being transmitted to Liquibase Hub, but it also limits users’ ability to use Liquibase Hub in identifying an update failure if one occurs.
  • all sends the metadata in addition to the changeset body from the changelog, generated SQL executed by the Liquibase core app, operation-event logs, and change-event logs.
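
The guidance in "Storing your credentials" and the liquibase.hub.mode settings above can be enforced with a check that runs before a properties file is committed to source control. This is an added example, not Liquibase code; the list of credential keys and the sample file are assumptions constructed for illustration.

```python
import re

# Keys that should be supplied from a secret store, the CLI, or environment
# variables instead of a tracked file. This key list is an assumption; extend it.
CREDENTIAL_KEYS = {"password", "liquibase.command.password", "liquibase.hub.apikey"}
LINE_RE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text):
    """Return {lowercased key: (line number, value)} for simple key=value lines."""
    props = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m:
            props[m.group(1).lower()] = (lineno, m.group(2))
    return props


def audit(text):
    """Return sorted (line number, severity, message) findings for one file."""
    props = parse_properties(text)
    findings = []
    for key in CREDENTIAL_KEYS & props.keys():
        lineno, value = props[key]
        if value:  # report the key only, never echo the secret itself
            findings.append((lineno, "error", f"{key} has a literal value"))
    lineno, mode = props.get("liquibase.hub.mode", (0, ""))
    if mode.lower() == "all":
        findings.append((lineno, "warn",
                         "hub mode 'all' sends changeset bodies and generated SQL"))
    elif mode and mode.lower() not in ("meta", "off"):
        findings.append((lineno, "error", f"unknown hub mode {mode!r}"))
    return sorted(findings)


# Constructed sample input, not taken from a real project.
SAMPLE = """\
# liquibase.properties (constructed)
changeLogFile: changelog/db.changelog-root.xml
url=jdbc:postgresql://db.example.internal:5432/app
username=deploy
password=example-not-a-real-secret
liquibase.hub.apiKey=
liquibase.hub.mode = all
"""

if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```

Treat an "error" finding as a reason to block the commit and move the value to the credential repository or an environment variable; a "warn" finding is a prompt to confirm that the environment should send changeset bodies to Liquibase Hub.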